Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2011/06/08 12:0 a.m.•39 views

Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way java handles color...

9CVSS5.6AI score0.06277EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/06/08 12:0 a.m.•39 views

Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the way Java handles color...

9CVSS5.1AI score0.06277EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/06/08 12:0 a.m.•39 views

Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS2.4AI score0.02734EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/04/20 12:0 a.m.•39 views

Nortel CS1000 Communications Server Remote Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Nortel CS1000 Communication Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process listening on UDP port 5100. When parsing ...

10CVSS6.6AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/04/12 12:0 a.m.•39 views

(Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Intern...

9CVSS1.9AI score0.40875EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2011/02/08 12:0 a.m.•39 views

Adobe Reader u3d Parent Node Count Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D componen...

9CVSS3.7AI score0.40134EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/12/15 12:0 a.m.•39 views

Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the portion of the server that generates reports. Due to the combination ...

10CVSS7.5AI score0.05048EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/11/10 12:0 a.m.•39 views

Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application'...

9CVSS9.2AI score0.02987EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2010/11/10 12:0 a.m.•39 views

Apple QuickTime GIF LZW Decompression Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the application's implementation of the LZ...

9CVSS9.6AI score0.02961EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2010/10/27 12:0 a.m.•39 views

Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability

This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which...

10CVSS6.8AI score0.05822EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/10/19 12:0 a.m.•39 views

Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in js3250.dll. When a...

9CVSS9.5AI score0.06451EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/31 12:0 a.m.•39 views

Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx...

9CVSS6.8AI score0.42668EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/24 12:0 a.m.•39 views

Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

9CVSS7AI score0.06051EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/10 12:0 a.m.•39 views

Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the connect...

10CVSS5.9AI score0.06751EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/06/16 12:0 a.m.•39 views

Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...

10CVSS3.2AI score0.06751EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/06 12:0 a.m.•39 views

Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the primary...

10CVSS3.8AI score0.12199EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•39 views

Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla...

10CVSS2.9AI score0.05203EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•39 views

Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control...

10CVSS3.5AI score0.80603EPSS
Exploits13References1
Zero Day Initiative
Zero Day Initiative
•added 2010/03/16 12:0 a.m.•39 views

SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value...

10CVSS1.8AI score0.15218EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2009/11/30 12:0 a.m.•39 views

Novell ZENworks Desktop Management Installation Service Remote Information Disclosure Vulnerability

This vulnerability allows remote attackers to impersonate valid users in vulnerable installations of Novell ZENworks Desktop Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to an information leak when querying the AWSI service which listens b...

6.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/08/18 12:0 a.m.•39 views

Oracle Secure Backup Administration Server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...

10CVSS4.9AI score0.72638EPSS
Exploits8References1
Zero Day Initiative
Zero Day Initiative
•added 2009/03/24 12:0 a.m.•39 views

Adobe Acrobat getIcon() Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious file. The specific flaw exists when processing malicious JavaScript...

9.3CVSS3.2AI score0.96632EPSS
Exploits14References1
Zero Day Initiative
Zero Day Initiative
•added 2009/02/10 12:0 a.m.•39 views

Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects...

9.3CVSS3.9AI score0.85277EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
•added 2007/10/31 12:0 a.m.•39 views

Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of th...

9.3CVSS3AI score0.20906EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/20 12:0 a.m.•39 views

Panda Software AdminSecure Agent Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Panda AdminSecure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AdminSecure agent which binds by default to TCP port 19226 or 19227. When processi...

9.3CVSS2.9AI score0.09469EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/11 12:0 a.m.•39 views

Samba lsa_io_trans_names Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to...

10CVSS5.6AI score0.77806EPSS
Exploits23References1
Zero Day Initiative
Zero Day Initiative
•added 2007/07/11 12:0 a.m.•39 views

Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the DFS RPC interface. When parsing a request to DFSEnum, heap allocation ...

10CVSS5.4AI score0.77806EPSS
Exploits23References1
Zero Day Initiative
Zero Day Initiative
•added 2006/11/14 12:0 a.m.•39 views

Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CS...

5.1CVSS3.8AI score0.24798EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2006/10/10 12:0 a.m.•39 views

Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .PPT file. The specific flaw exists during the parsing of a malformed slide notes field within the...

9.3CVSS5.1AI score0.3634EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/13 12:0 a.m.•38 views

(0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

8.8CVSS6.9AI score0.01247EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•38 views

X.Org Server DeepCopyPointerClasses Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Button...

7.8CVSS7.7AI score0.01587EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•38 views

X.Org Server ProcXIChangeProperty Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.7AI score0.0062EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/11/20 12:0 a.m.•38 views

NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of prop...

8.8CVSS7.8AI score0.52562EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/27 12:0 a.m.•38 views

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF vide...

8.8CVSS7.4AI score0.01871EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/12 12:0 a.m.•38 views

Microsoft Office Word FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

7.8CVSS6.7AI score0.00491EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/08/24 12:0 a.m.•38 views

(Pwn2Own) HP Color LaserJet Pro M479fdw msws Server-Side Request Forgery Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msws service. The issue results from the lack of...

8.8CVSS7.3AI score0.01849EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/25 12:0 a.m.•38 views

Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS6.8AI score0.00284EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•38 views

Apple macOS AudioToolbox CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS5.8AI score0.00305EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/15 12:0 a.m.•38 views

D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...

6.8CVSS7.4AI score0.0176EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/15 12:0 a.m.•38 views

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...

6.8CVSS7.4AI score0.0176EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/01 12:0 a.m.•38 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.7AI score0.02163EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/11 12:0 a.m.•38 views

Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSSXmlUrlResolver class. The issue results from the lack of proper validati...

7.1CVSS6.2AI score0.06233EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/31 12:0 a.m.•38 views

X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of overlay...

7.8CVSS7.7AI score0.0044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•38 views

Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of embedd...

7.8CVSS7.7AI score0.00408EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•38 views

Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

7.8CVSS7.7AI score0.00275EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•38 views

Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

3.3CVSS5.7AI score0.00313EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•38 views

Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.6AI score0.02574EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/25 12:0 a.m.•38 views

GnuPG libksba CMS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of CMS...

8.1CVSS5.6AI score0.01635EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/21 12:0 a.m.•38 views

(Pwn2Own) Kepware KEPServerEX Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper...

9.1CVSS5.9AI score0.03366EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/07 12:0 a.m.•38 views

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS4.2AI score0.00386EPSS
Exploits0References1
Total number of security vulnerabilities5000